Vishwa-ud/Timetable_Management_System_Backend
University Timetable Management System


Backend RESTful API for managing a university's timetable system.
Installation

To run this project locally, follow these steps:

  1. Create a new folder and open it.

  2. Press Alt + D to select the address bar (Windows Explorer).

  3. Type cmd and press Enter. This opens a command prompt window whose working directory is the folder you opened, so the commands below run directly in that folder.

  4. Clone the repository to your local machine using Git:

git clone github_repo_link

  5. Navigate to the project directory:

cd backend

  6. Install the project dependencies using npm:

npm i

  7. Start the server (the start script runs nodemon server.js; the endpoint URLs below assume it listens on localhost:8080):

npm start

Tech Stack

  • Node.js
  • Express.js
  • MongoDb
  • JavaScript

Additional Dependencies

  • jsonwebtoken for session management (signed bearer tokens with an expiry).
  • bcrypt for hashing passwords.
  • Winston logger for logging critical information for audit and diagnostic purposes.
  • Jest for unit testing.
  • Helmet.js, which helps secure Express apps by setting HTTP response headers.
  • OWASP ZAP as a proxy for security testing.
  • Postman for endpoint checks and integration testing.
  • artillery.io for performance testing.

Functional Requirements

  1. User Roles and Authentication:
  • Define multiple user roles (e.g., Admin, Faculty, Student) with different access levels.
  • Implement secure login functionality and session management using JWT.
  2. Course Management:
  • Allow CRUD operations on courses, including course name, code, description, and credits.
  • Enable Admins to assign Faculty to courses.
  3. Timetable Management:
  • Facilitate the creation and modification of weekly timetables for different courses.
  • Include functionality to add, update, and delete class sessions, specifying the course, time, faculty, and location.
  4. Room and Resource Booking:
  • Manage classrooms and resources (e.g., projectors, labs) availability.
  • Allow booking of rooms and resources for classes or events, ensuring no overlaps.
  5. Student Enrollment:
  • Enable students to enroll in courses and view their timetables.
  • Allow Faculty and Admins to view and manage student enrollments in courses.
  6. Notifications and Alerts:
  • Implement a system to notify users of timetable changes, room changes, or important announcements.

Request methods

The request method is how the API distinguishes what kind of action an endpoint is being asked to perform. GET is self-explanatory; the other methods used by this API are listed below.

Method Description
GET Used to retrieve a single item or a collection of items.
POST Used when creating new items e.g. a new user, post, comment etc.
PATCH Used to update one or more fields on an item e.g. update e-mail of user.
PUT Used to replace a whole item (all fields) with new data.
DELETE Used to delete an item.

User Roles and Authentication

User Register

Method URL Description
POST http://localhost:8080/api/v1/users/ Create a new user registration.
  • Validate fields to ensure data integrity.
  • Password complexity rules, implemented with Joi, require at least one uppercase letter, one special character, and one number.
  • Reject the request when a user with the given email already exists.
  • Hash the password (bcrypt) before storing it; the plaintext password is never persisted.

User Login

Method URL Description
POST http://localhost:8080/api/v1/auth/ User login.
  • Report "invalid email or password" on failed login attempts (a single generic message, so the response does not reveal which of the two was wrong).
  • After a successful login, a JWT is generated with an expiration time.

Role Access

Method URL Description
GET http://localhost:8080/api/v1/users/admin/dashboard Access granted: Admin dashboard
GET http://localhost:8080/api/v1/users/faculty/dashboard Access granted: Faculty dashboard
GET http://localhost:8080/api/v1/users/student/dashboard Access granted: Student dashboard
  • Protected endpoints require the authorized user's token, sent in the Authorization header:
Header key Value Description
Authorization Bearer <GeneratedToken> The token returned by a successful login. It has a limited expiry; once it expires the user must log in again to obtain a new one.

Course Management

Course

Method URL Description
GET http://localhost:8080/api/v1/courses/ Retrieve all courses.
POST http://localhost:8080/api/v1/courses/ Create a new course.
POST http://localhost:8080/api/v1/courses/:id/assign-faculty Assign Faculty to a course.
GET http://localhost:8080/api/v1/courses/:id Retrieve course by ID.
PATCH http://localhost:8080/api/v1/courses/:id Update course by ID.
DELETE http://localhost:8080/api/v1/courses/:id Delete course by ID.
  • Assigning faculty to a course requires an Admin: log in as Admin and send the generated token in the Authorization header.

Timetable Management

Timetables

Method URL Description
GET http://localhost:8080/api/v1/timetables/ Retrieve all Timetables.
POST http://localhost:8080/api/v1/timetables/ Create a new Timetable.
GET http://localhost:8080/api/v1/timetables/:id Retrieve Timetable by ID.
PATCH http://localhost:8080/api/v1/timetables/:id Update Timetable by ID.
DELETE http://localhost:8080/api/v1/timetables/:id Delete Timetable by ID.
  • When a timetable is updated, the students enrolled in the affected courses are located and notified; this runs on a daily basis.

Room and Resource Booking

Classroom

Method URL Description
GET http://localhost:8080/api/v1/classrooms/ Retrieve all Classrooms.
POST http://localhost:8080/api/v1/classrooms/ Create a new Classroom.
GET http://localhost:8080/api/v1/classrooms/:id Retrieve Classroom by ID.
PATCH http://localhost:8080/api/v1/classrooms/:id Update Classroom by ID.
DELETE http://localhost:8080/api/v1/classrooms/:id Delete Classroom by ID.    

Resource

Method URL Description
GET http://localhost:8080/api/v1/resources Retrieve all Resources.
POST http://localhost:8080/api/v1/resources Create a new Resources.
GET http://localhost:8080/api/v1/resources/:id Retrieve Resources by ID.
PATCH http://localhost:8080/api/v1/resources/:id Update Resources by ID.
DELETE http://localhost:8080/api/v1/resources/:id Delete Resources by ID.    

Booking

Method URL Description
GET http://localhost:8080/api/v1/bookings Retrieve all bookings.
POST http://localhost:8080/api/v1/bookings/ Create a new booking.
GET http://localhost:8080/api/v1/bookings/:id Retrieve booking by ID.
PATCH http://localhost:8080/api/v1/bookings/:id Update booking by ID.
DELETE http://localhost:8080/api/v1/bookings/:id Delete booking by ID.
  • Each classroom has a fixed capacity. Creating or updating a booking applies three checks before it is saved:
  • The total capacity of the assigned resources must not exceed the classroom capacity.
  • The classroom must not already be booked for the specified date and time.
  • None of the requested resources may already be booked for the specified date and time.
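The three booking checks as pure functions over in-memory data, added here as an example and not taken from the project. Field names (classroomId, resourceIds, start, end as millisecond timestamps, capacity) and the sample classrooms, resources and existing booking are assumptions constructed for the example; the project's Mongoose schemas may differ. Intervals are treated as half-open, so a booking that ends at 10:00 does not clash with one that starts at 10:00, and the booking's own id is skipped so that a PATCH does not conflict with itself.

```javascript
// Added example, not the project's code: booking validation over in-memory data.

// Half-open interval overlap: [a.start, a.end) and [b.start, b.end) intersect.
function overlaps(a, b) {
  return a.start < b.end && b.start < a.end;
}

// Returns a list of human-readable conflicts; an empty list means the booking is allowed.
function validateBooking(booking, { classrooms, resources, bookings }) {
  const errors = [];
  if (!(booking.start < booking.end)) return ['end must be after start'];

  const room = classrooms.find((c) => c.id === booking.classroomId);
  if (!room) return ['unknown classroom'];

  const requested = booking.resourceIds.map((id) => resources.find((r) => r.id === id));
  if (requested.some((r) => !r)) return ['unknown resource'];

  // 1. Total resource capacity must not exceed the classroom capacity.
  const totalResourceCapacity = requested.reduce((sum, r) => sum + r.capacity, 0);
  if (totalResourceCapacity > room.capacity) {
    errors.push(`resource capacity ${totalResourceCapacity} exceeds classroom capacity ${room.capacity}`);
  }

  // Only bookings overlapping in time can conflict; skip the booking being updated.
  const concurrent = bookings.filter((b) => b.id !== booking.id && overlaps(b, booking));

  // 2. The classroom must be free for the requested slot.
  if (concurrent.some((b) => b.classroomId === booking.classroomId)) {
    errors.push('classroom already booked for this time');
  }

  // 3. No requested resource may be reserved in an overlapping slot.
  const taken = new Set(concurrent.flatMap((b) => b.resourceIds));
  for (const id of booking.resourceIds) {
    if (taken.has(id)) errors.push(`resource ${id} already booked for this time`);
  }
  return errors;
}

// Constructed sample data (assumption): two rooms, two resources, one existing booking
// of A101 with the projector from 09:00 to 10:00 UTC.
const sampleData = {
  classrooms: [{ id: 'A101', capacity: 40 }, { id: 'B202', capacity: 20 }],
  resources: [{ id: 'proj-1', capacity: 1 }, { id: 'lab-kit', capacity: 25 }],
  bookings: [
    {
      id: 'bk1', classroomId: 'A101', resourceIds: ['proj-1'],
      start: Date.parse('2024-03-04T09:00:00Z'), end: Date.parse('2024-03-04T10:00:00Z'),
    },
  ],
};

module.exports = { overlaps, validateBooking, sampleData };
```

In the route handler the conflict list maps directly onto the status codes described later on this page: a non-empty list is a 422 (well-formed request, failed validation), not a 400. Note that checking in application code is still racy under concurrent requests; a unique index or a transaction in MongoDB is needed for a hard guarantee.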

Student Enrollment

Enrollment

Method URL Description
GET http://localhost:8080/api/v1/enrollments/ Retrieve all enrollments. Only Admin and Faculty have access.
POST http://localhost:8080/api/v1/enrollments/ Create a new enrollment.
GET http://localhost:8080/api/v1/enrollments/timetable Retrieve the timetable for the enrolled student.
PATCH http://localhost:8080/api/v1/enrollments/:id Update enrollment by ID. Permitted only for Admin and Faculty.
DELETE http://localhost:8080/api/v1/enrollments/:id Delete enrollment by ID. Permitted only for Admin and Faculty.
  • Only enrolled students have access to the timetable.
  • Faculty and Admins are granted permission to view and manage student enrollments in courses.

Notifications and Alerts

Notification

Method URL Description
GET http://localhost:8080/api/v1/notifications/ Retrieve all notifications. Accessible only by Admin and Faculty.
POST http://localhost:8080/api/v1/notifications/ Create a new notification. Accessible only by Admin and Faculty.
GET http://localhost:8080/api/v1/notifications/:userId Retrieve notifications by user ID.
PATCH http://localhost:8080/api/v1/notifications/:id Update notification by ID. Accessible only by Admin and Faculty.
DELETE http://localhost:8080/api/v1/notifications/:id Delete notification by ID. Accessible only by Admin and Faculty.
  • Notify users about timetable changes, room changes, or important announcements.
  • Admins and Faculty members can update and delete notifications by ID.

HTTP Response Status Codes

One of the most important things in an API is how it returns response codes. Each response code means a different thing, and consumers of the API rely heavily on them.

Code Title Description
200 OK The request was processed successfully (e.g. for GET, PATCH, PUT or DELETE).
201 Created A record has been added to the database (e.g. when creating a new user or course).
304 Not Modified A cached response is being returned.
400 Bad Request The request could not be understood (e.g. invalid syntax).
401 Unauthorized Authentication failed or no valid token was supplied.
403 Forbidden An authenticated user is trying to perform an action they do not have permission for.
404 Not Found The URL or entity was not found.
422 Unprocessable Entity Something is wrong with the request (e.g. missing parameters, validation errors, booking conflicts) even though the syntax is correct, so 400 is not warranted.
440 No Accept header The required "Accept" header is missing from the request. (440 is not an IANA-registered HTTP status code; the standard response for Accept-header problems is 406 Not Acceptable.)
500 Internal Server Error An internal error occurred (e.g. adding or updating records in the database failed).
502 Bad Gateway A necessary third-party service is down.

Non-Functional Requirements

  1. Security

    • Password hashing with bcrypt.
    • Passwords stored in a database must be stored securely to prevent unauthorized access. Storing them in plain text is a significant risk: if the database is compromised, every password is exposed.
    • Each password is hashed with bcrypt together with a random salt, and the resulting salted hash is what is stored; the plaintext is never written to the database, and login compares the submitted password against the stored hash.

    (screenshot: password hashing in the registration handler)

  • Helmet.js
    • Helmet.js helps secure Express apps by setting HTTP response headers.
    • Adding app.use(helmet()) applies Helmet as middleware to the Express application. It sets a default group of headers that mitigate common browser-side attacks such as Cross-Site Scripting (XSS) and clickjacking.
  • Content Security Policy (CSP): defines trusted content sources, limiting script injection.
  • MIME sniffing prevention (X-Content-Type-Options: nosniff): stops browsers from interpreting a response as a content type other than the one declared.
  • Referrer policy control: limits the referrer information sent with outgoing requests to prevent data leakage.
  • Clickjacking protection: X-Frame-Options / CSP frame-ancestors stop the API's responses from being framed.
  • No-cache headers: ensure sensitive API responses are not cached. (Helmet removed its built-in noCache middleware in version 4; the standalone nocache package provides it.)
  • Easy integration: one middleware call in Express.
  • Ongoing updates: actively maintained.
  • Caveat: Helmet only sets response headers. It does not provide CSRF protection; this API avoids classic CSRF by accepting the JWT only from the Authorization header rather than a cookie, so a deployment that moves the token into a cookie would need a CSRF token or the SameSite cookie attribute as well.

Response headers before adding Helmet.js (screenshot)

Response headers after adding Helmet.js (screenshot)

  2. Database Design (ER diagram screenshot).

  3. Code Quality and Documentation.

  4. Error Handling and Logging: the Winston logger records critical information for audit and diagnostic purposes.

Testing

Unit Testing

Implement unit tests for individual components and functions to validate their behavior in isolation.

  • Point .env at a separate database for testing so test runs never touch real data. The connection string below carries the cluster credentials; keep it in a local .env that is not committed, and treat any credentials that have appeared in the repository as exposed and rotate them.
DB =mongodb+srv://vishwaud:[email protected]/unittest?retryWrites=true&w=majority&appName=ClusterX
  • Setting up Jest for unit testing
  • Install the dev dependencies (supertest drives the Express app in-process; cross-env sets NODE_ENV portably):
    npm install --save-dev jest supertest cross-env
    
  • Update package.json:
    "scripts": {
      "test": "cross-env NODE_ENV=test jest --testTimeout=5000",
      "start": "nodemon server.js"
    },
    
  • Create a folder named test, then create a file there called example.test.js.
  • Write the unit test cases there.
  • Run the test cases (the argument is a filename pattern; omit it to run every test):
    npm test filename.test.js
    

Comprehensive unit tests cover all components. Screenshots of the test results are included for: Register User, Login User, Course, Timetable, Classroom, Resource, Bookings, Enrollments, and Notifications.

Integration Testing

Integration testing with Postman involves sending HTTP requests to the API endpoints and verifying that the responses match the expected behavior.

  • Install Postman.
  • Create a new collection.
  • Add requests to the collection.
    • Choose the HTTP method (GET, POST, PATCH, PUT, DELETE) that corresponds to the endpoint you want to test.
  • Define the assertions in each request's Tests section (test script).
  • Open the collection and go to the Run tab.
  • Run the integration tests.

Integration test with Postman: link to the documentation (screenshot).


Security Testing

  • OWASP ZAP
  1. Start OWASP ZAP on your system.
  2. Configure the ZAP proxy:
  • Navigate to the "Tools" menu and select "Options".
  • Under the "Local Proxy" section, note the address and port where ZAP listens for proxy requests; here it is set to localhost, port 8081.
  3. Configure Postman (File > Settings, or Ctrl + comma): under Proxy, enable the custom proxy configuration and point it at localhost:8081.
  4. Explore the APIs by sending requests from Postman.
  • Access the APIs you want to test through Postman so that every request passes through ZAP and is recorded in the Sites tree.
  • Because the protected routes require a Bearer token, make sure the recorded requests carry a valid Authorization header (and that the token has not expired by the time ZAP replays them, for example via a Replacer rule that sets the header); otherwise the scan only exercises the unauthenticated surface.
  5. Spider the APIs:
  • In ZAP, go to the "Spider" tab.
  • Enter the base URL of the API and click "Start Scan".
  6. Active scan:
  • After spidering is complete, go to the "Active Scan" tab.
  • Click "Start Scan" to begin the active scanning process. Run this only against the local test instance and test database, since active scanning sends modifying requests.
  7. Review the scan results:
  • Once the scan is complete, navigate to the "Alerts" tab.
  8. Generate reports:
  • ZAP can generate reports summarizing the findings of the security testing.
  • Go to the "Report" tab.

Final security scan results (screenshot)


Performance Testing

  • Install artillery.io:
npm install -g artillery
  • Sample test (20 seconds, 5 new virtual users per second, each fetching the course list):
config:
  target: http://localhost:8080
  phases:
    - duration: 20
      arrivalRate: 5
      name: Startup phase
scenarios:
  - flow:
    - get:
        url: "/api/v1/courses"
  • Run the performance test:
npx artillery run performance/demo_api_load.yml
  • Generate a report (JSON):
npx artillery run performance/demo_api_load.yml --output performance/report.json

  • Convert it to HTML:
npx artillery report performance/report.json --output performance/report.html
  • Performance test results from Artillery (screenshot)

  • Performance test results from Postman (screenshot)

